Qualys

Qualys, Inc. is a provider of cloud security, compliance and related services for small and medium-sized businesses and large corporations based in Redwood Shores, California. Founded in 1999, Qualys was the first company to deliver vulnerability management solutions as applications through the web using a "software as a service" (SaaS) model, and as of 2013 Gartner Group for the fifth time gave Qualys a "Strong Positive" rating for these services. It has added cloud-based compliance and web application security offerings. Qualys has over 7,700 customers in more than 100 countries, including a majority of the Forbes Global 100.

E-SPIN and Qualys

E-SPIN have actively in promoting Qualys full range of products and technologies as part of the company Vulnerability Management, Penetration Testing and Security Management. E-SPIN is active in provide consulting, supply, training and maintaining Qualys products for the enterprise, government and military customers (or distribute and resell as part of the complete package) on the region E-SPIN do businesses. The enterprise range from corporate, universities, government agencies to IT service providers on data center, security management, security operation center (SOC), vulnerability management, vulnerability assessment center (VAC) and enterprise information security management / operations.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

The Qualys Cloud Platform

The Qualys Cloud Platform consists of suite of IT security and compliance solutions that leverage shared and extensible core services and a highly scalable multi-tenant cloud infrastructure.

Built on top of Qualys' Infrastructure and Core Services, the Qualys Cloud Suite incorporates the following applications, all of which are delivered via the cloud; there is no new software to deploy or infrastructure to maintain. Each application leverages the same scan data.

Continuous Monitoring

Delivers immediate alerts whenever threats or unexpected changes are found in an organization's Internet perimeter – before they turn into breaches.

Vulnerability Management

Discovers all devices and applications across the network, at the same time identifying and mitigating the vulnerabilities that make network attacks possible.

Expands the scope of risk and compliance data beyond technical vulnerabilities to verify that third-party vendors are in compliance with emerging regulatory requirements.

PCI Compliance

Provides small and medium-sized businesses with enterprise-level scanning and reporting that's easy to implement and maintain, and enabling large corporations to meet PCI compliance requirements for data protection on a global scale.

Web Application Scanning

Provides automated crawling and testing for custom web applications to identify vulnerabilities including for cross-site scripting and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure large numbers of websites.

Web Application Firewall

Protects websites against attacks on server vulnerabilities and web app defects. Brings Cloud scalability and simplicity that make it possible to strongly secure web apps against Cross-Site Scripting (XSS), SQL injection, corrupted requests and other attacks in less than 30 minutes.

Malware Detection

Proactively scans websites of any size, anywhere in the world, for malware infections and other threats, sending alerts to website owners. Enables businesses to scan and manage a large number of sites, preventing website black listing and brand reputation damage.

SECURE Seal

Enables online businesses of all sizes to scan their websites for the presence of malware, network and application vulnerabilities, as well as SSL certificate validation. Merchants can display the Qualys SECURE seal on their website, demonstrating to visitors that the company is committed to security.

Qualys Core Services enable integrated workflows, management and real-time analysis and reporting across all of our IT security and compliance solutions.

Asset Tagging and Management

Enables customers to easily identify, categorize and manage large numbers of assets in highly dynamic IT environments and automates the process of inventory management and hierarchical organization of IT assets.

Reporting and Dashboards

A highly configurable reporting engine that provides customers with reports and dashboards based on their roles and access privileges.

Questionnaires and Collaboration

A configurable workflow engine that enables customers to easily build questionnaires and capture existing business processes and workflows to evaluate controls and gather evidence to validate and document compliance.

Remediation and Workflow

An integrated workflow engine that allows customers to automatically generate helpdesk tickets for remediation and to manage compliance exceptions based on customer-defined policies, enabling subsequent review, commentary, tracking and escalation. This engine automatically distributes remediation tasks to IT administrators upon scan completion, tracks remediation progress and closes open tickets once patches are applied and remediation is verified in subsequent scans.

Creates email notifications to alert customers of new vulnerabilities, malware infections, scan completion, open trouble tickets and system updates.

Qualys infrastructure layer, which we refer to a sour Infrastructure, includes the data, data processing capabilities, software and hardware infrastructure and infrastructure management capabilities that provide the foundation for our cloud platform and allow us to automatically scale our Infrastructure and Core Services to scan millions of IPs.

Scalable Capacity
We have designed a modular and scalable infrastructure that leverages virtualization and cloud technologies. This allows our operations team to dynamically allocate additional capacity on-demand across our entire Qualys Cloud Platform to address the growth and scalability of our solutions.
Big Data Indexing and Storage
Built on top of our secure data storage model, this engine indexes petabytes of data and uses this information in real-time to execute tags or rules to dynamically update IT assets' properties, which are used in various workflows for scanning, reporting and remediation.
Qualys Knowledgeable
Qualys relies on our comprehensive repository, which we refer to as our KnowledgeBase, of known vulnerabilities and compliance controls for a wide range of devices, technologies and applications that powers our security and compliance scanning technology. We update our KnowledgeBase daily with signatures for new vulnerabilities, control checks, validated fixes and improvements.
Managed Sensors
As a core service of our cloud platform, Qualys sensors make it easy to extend security through your globally distributed environment. These sensors, which can be in the form of appliances or lightweight agents, are remotely deployable, centrally managed and self updating. To scan externally facing systems and web applications, we host and operate a large number of globally distributed physical scanner appliances. To scan internal IT assets, customers can also deploy our scanners, which are available on a subscription basis as physical appliances or downloadable virtual images, within their internal networks. Qualys Cloud Agents can be installed anywhere — including any host such as a laptop, desktop, server or virtual machine. Qualys Cloud Agents extract and consolidate vulnerability and compliance data and update it continuously within the Qualys Cloud Platform for further analysis and correlation, thus providing a continuous view of the security compliance posture of the global network. Our cloud agents and scanner appliances self-update daily in a transparent manner using our automated and proprietary scan management technology. These sensors allow us to scale our cloud platform to continuously scan networked devices and web applications across organizations' networks around the world.

Qualys Sensors, a core service of the Qualys Cloud Platform, make it easy to extend your security throughout your global enterprise. These sensors, which can be in the form of appliances or lightweight agents, are remotely deployable, centrally managed and self updating. They collect the data and automatically beam it up to the Qualys Cloud Platform,

which has the computing power to continuously analyze and correlate the information in order to help you identify threats and eliminate vulnerabilities

Qualys Cloud Agents provide an entirely new security asessment platform that can scale to handle millions of devices. These lightweight agents (3MB) can be installed anywhere- including any host such as a laptop, desktop, server or virtual machine. Qualys Cloud Agents extract and consolidate vulnerability and compliance data and update it continuously within the Qualys Cloud Platform for further analysis and correlation, thus providing a continuous view of the security compliance posture of the global network

INTERNAL SCANNING

Qualys Scanner Appliances

Qualys Scanners are appliance versions of the Internet Remote Scanners. Scanners enable customers to bring Qualys assessment capabilities to their internal networks. Installed in minutes and requiring no maintenance by the user, the hardened Linux appliance needs no special firewall configurations to obtain updates and new vulnerability signatures and perform scan jobs, returning results securely over a standard SSL-encrypted channel.

Qualys Virtual Scanner Appliances

Qualys software-based virtual scanner appliances are qualified to run on many of the most common virtualization and cloud platforms including VMware and Amazon EC2. These virtualized scanners supplement the current hardware-based Qualys Scanner Appliances. Like with the hardware-based scanners, customers can manage the virtual scanners from their Qualys accounts via a secure web interface, where all gathered scan data will be available for reporting and remediation. Installed in minutes and requiring no maintenance by the user, scanners needs no special configurations to obtain updates and new vulnerability signatures.

If interested on the product solution, feel free to contact E-SPIN for project and operation requirement.

Qualys Continuous Monitoring

A New Approach to Proactively Protecting Your Global Perimeter

Qualys Continuous Monitoring (CM) is a next-generation cloud service that gives you the ability to identify threats and monitor unexpected changes in your network before thy turn into breaches. The user can track what happens within their internal environments, anywhere in the world. Qualys Continuous Monitoring brings a new approach to vulnerability management and network security, enabling the user to immediately identify and proactively address potential problems

such as:

Unexpected Hosts/OSes

Expiring SSL Certificates

Inadvertently Open Ports

Severe Vulnerabilities

Undesired Software

Why Qualys Continuous Monitoring?

Continuous Monitoring enables customers to have the most comprehensive and up-to-date view of their entire organization.

It detects changes in your network that could be exploited and immediately notifies the IT staff responsible for the affected assets so they can take appropriate action.

Continuous Monitoring is designed specifically to be efficient and easy to use. It scales from one to a million users, from a single office to a global network.

Immediate deployment

No hardware to set up, always up-to-date

Global scalability

Add new perimeter and internal networks anytime, throughout the world

Multiple, unified solutions

One console for CM, VM and more

Centralized management

Apply alerting policies consistency across all your perimeter systems

Integrated Network Security: The Power of VM, made instantly actionable with CM

Qualys Continuous Monitoring (CM) works together with Qualys Vulnerability Management (VM) to provide true proactive network security. From a single console, user can explore hosts and digital certificates, organize assets by business function or technology, and set up automated, targeted alerts-for systems anywhere in the world. Qualys Cloud Platform keeps everything in sync, avoiding the redundancies and gaps that come with trying to glue together disparate, siloed solutions.

Global Monitoring

Hackers-Eye View of your Perimeter-from the Internet

To stop hackers, the user have to see their perimeter the same way they do-directly from the internet.Continuous Monitoring acts as a sentinel in the cloud: constantly watching your network for changes could leave you exposed

Automated Monitoring of your Global Perimeter

Continuous Monitoring efficiently tracks the systems in your global network, whether they are in one location, located in cloud environments, or spread across the globe. It monitors user critical internal IT assets such as desktops, servers, and other devices.

Targeted Alerts

Fine-grained control over when to generate an alert

Continuous Monitoring can tailor alerts to a wide variety of conditions so that the user can watch broadly for general changes or zero in on specific circumstances.

Efficient Alerts, directed to responsible IT staff

Continuous Monitoring gives you control over exactly who receives each alert, so that you can directly notify the most appropriate staff in each circumstance. This fress your security teams from the delays and burdens of waiting for scheduled scanning windows and sifting through long reports

Immediate Insights

Visual dashboard shows you the status of your network at a glance

User can immediately see the big picture on their network with Continuous Monitoring's visual dashboard. A quick overview and graphical representation of recent activity helps you spot anomalies, flag important alerts or hide ones you don't want to see. Then, find particular alerts quickly with rich interactive search, and drill into the details with a simple click.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Organizations that use MD will be able to quickly identify and eradicate malware that could infect their website visitors and lead to loss of data and revenue. MD supports regularly scheduled scanning to monitor websites on an ongoing basis, with email alerts to quickly notify organizations when infections are discovered. Malware infection details are provided so that organizations can take quick action to isolate and remove malware. Built on the world’s leading cloud-based security and compliance platform, Qualys MD requires no special hardware and can be set up with a few simple clicks.

Benefits of Qualys Malware Detection

Quickly identifies and aredicates malware

Monitor your websites at any scale with automated scans

Get immediate notification of zero-day malware detection

Cloud-based solution is simple to deploy and use because it requires no software to install and no ongoing maintenance

Key Features

Scalable,Accurate Scanning

Gives organizations the ability to scan, identify and remove malware infections from their web properties

Qualys Secure Seal

Qualys SECURE Seal is a new service that allows businesses of all sizes to scan their web sites for the presence of malware, network and web application vulnerabilities, as well as SSL certificate validation. Once a web site passes these four comprehensive security scans, the Qualys SECURE Seal service generates a seal for the merchant to display on their web site demonstrating to online customers that the company is maintaining a rigorous and proactive security program.

Leveraging QualysGuard's award winning scanning technology, Qualys SECURE Seal is the only web site security testing service that extends the ability to scan web site(s) for malware, network and web application vulnerabilities, as well as validating the web site's SSL certificate.

Qualys Web Application Firewall (WAF)

Qualys Web Application Firewall (WAF) is a next-generation cloud-based service that brings an unparelleled combination of scalability and simplicity to web application security. Its automated, adaptive approach lets you quickly and more efficiently block attacks on web server vulnerabilities, prevent disclosure of sensitive information, and control where and when your applications are accessed. Built on the world's leading cloud-based security and compliance platform, Qualys WAF complements the global scalability of Qualys Web Application Scanning (WAS). Together, they make identfying and mitigating web application risks seamless-whether you have a dozen apps or thousands. Qualys WAF can be deplyed in minutes, supports SSL/TLS, an ddoesn't require special expertise to use. It delivers a new level of web application security and compliance while freeing you from the substantial cost, resource and deployment issues associated with traditional products

Protection against clickjacking, cross-site scripting (XSS), and other browser-based attacks.

Blocking access from prohibited networks.

Preventing transmission of sensitive content or files.

Information

Provide your security team with continuous application security monitoring for accurate insight into risks affecting your web applications, and a clear path to remediating those vulnerabilities before a breach occurs.

Visual dashboard shows status at a glance. It summarizes events that occurred, when they occurred, and where they came from, to help teams spot unusual patterns.

Interactive insights into potential threats. A variety of attributes helps you assess severity and search for unusual activity.

Detailed understanding of each threat. Investigate suspicious activity by drilling into your data and the Qualys KnowledgeBase for actionable insight.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys Vulnerability Management (VM)

Continuously detect and protect against attacks whenever and wherever they appear

Qualys Vulnerability Management (VM) is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches. Built on the world’s leading cloud-based security and compliance platform, Qualys VM frees you from the substantial cost, resource and deployment issues associated with traditional software products. Known for its fast deployment, unparalleled accuracy and scalability, as well as its rich integration with other enterprise systems, Qualys VM is relied upon by thousands of organizations throughout the world.

Benefits of Qualys Vulnerability Management

Accurate, prioritized results

Scalable solution for comprehensive security coverage of all networks and devices

Continuous Monitoring Targeted alerts from continuous monitoring are immediately directed to the appropriate staff for accelerated responses. This frees your teams from the delay of waiting for scheduled scanning windows and sifting through long reports. The continuous monitoring feature immediately and proactively identifies critical security issues such as:

Unexpected hosts/OSes.

Expiring SSL certificates.

Inadvertently open ports and services.

Severe vulnerabilities on hosts or in applications.

Undesired software on perimeter systems.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys Policy Compliance (PC)

Qualys Policy Compliance (PC) is a cloud service that performs automated security configuration assessments on IT systems throughout your network. It helps yo to reduce risk and continuously comply with internal policies and external regulations. Built on the world's leading cloud-based security and compliance platform, Qualys PC frees you from the substantial cost, resource and deployment issues with traditional software products. Known for its fast deployment, ease of use, unparelled scalability, and rich integration with enterprise GRC systems, Qualys PC is relied upon by leading companies around the world

Benefits of Qualys Policy Compliance

Achieve and document compliance by finding and prioritizing configuration lapses to stay in continuous compliance

Integrate PC into your processes by sharing configuration data with your GRC, ticketing and help desk applications to centralize information and assign tasks

Know the true risk posture by seeing security configuration issues accurately, in one place

Cut compliance costs by reducing the effort and time required to assess your systems throughout your organization

Key Features

Qualys Cloud Platform

Revolutionize both security and compliance with the industry’s most integrated, scalable and extensible cloud platform.

Deliver & manage multiple solutions from a single environment

Deploy immediately from a public or private cloud – fully managed by Qualys and always up-to-date.

Scales up globally, on demand.

Centralize discovery of host assets for multiple types of assessments.

Organize host asset groups to match the structure of your business.

Define Policies

Interactively set up IT standards for hardening configurations and complying with relevant regulations.

Define configuration policies required for different environments and assets.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys PCI Compliance

Cloud-based solution to help merchants and service providers quickly comply with PCI DSS

Qualys Malware PCI Compliance (PCI) provides businesses, online merchants and Member Service Providers the easiest, most cost-effective and highly-automated way to achieve compliance with the Payment Card Industry Data Security Standard. Known as PCI DSS, the standard provides organizations the guidance they need to ensure that payment cardholder information is kept secure from possible security breaches. Qualys PCI draws upon the same highly accurate scanning infrastructure and technology as Qualys’ flagship solution, Qualys Vulnerability Management – used by thousands of organizations around the world to protect their networks from the security vulnerabilities that make attacks against networks possible.

Simplify PCI Compliance via the Cloud

Qualys is an Approved Scanning Vendor

Qualys is approved by the PCI Council to help you fulfill quarterly network and application scanning requirements of PCI DSS. Delivered via our cloud platform, Qualys PCI is the most accurate, easiest-to-use solution for PCI compliance testing, reporting and submission. Qualys PCI enables merchants and Member Service Providers to automatically submit the PCI self-assessment questionnaires to acquiring banks, and conduct network and web application security scans to efficiently identify and eliminate security vulnerabilities

Note: even if your organization is not a typical “merchant,” it is required to comply with PCI DSS if it processes, stores or transmits payment card data. See PCI DSS for merchant and service provider levels and validation actions required for compliance.

STEP 1:Deploy – Up & Scanning in Minutes

As part of the award-winning Qualys Cloud Platform, Qualys PCI enables merchants and service providers of any size to deploy immediately and attain compliance as quickly as possible.

Through Qualys PCI, achieving PCI compliance status becomes a streamlined process that also provides the assurance that your network is highly secure.

Easy-to-follow step-by-step approach & compliance tips.

Required quarterly scans are automatically completed; scan as often as you like.

User-friendly interface, online help and 24x7x365 email/telephone support ensures success in understanding and achieving PCI compliance.

Scans all assets on-premise and in private, public or hybrid clouds.

Also Scans Web Apps – to Meet PCI DSS Requirement 6.6 This requirement now specifies that organizations maintain secure web applications. The Qualys PCI Web Application Scanning module provides users an automated tool for evaluating web applications before and after development ensuring that applications are built and maintained in a secure way. The WAS module allows users to:

Scan vulnerability types within any application (built or customized in-house or purchased).

PCI DSS also requires businesses to perform a network security scan every 90 days on all Internet facing networks and systems. To achieve compliance, businesses must identify and remediate all critical vulnerabilities detected during the scan. Qualys PCI:

Automates and greatly simplifies scanning and remediation.

Provides easy-to-use reporting of vulnerabilities that will cause you to fail PCI DSS.

Qualys Qualys, Inc. is a provider of cloud security, compliance and related services for small and medium-sized businesses and large corporations based in Redwood Shores, California. Founded in 1999, Qualys was the first company to deliver vulnerability management solutions as applications through the web using a “software as a service” (SaaS) model, and as of

Indication of Compromise. Qualys Cloud Platform to deliver threat hunting, detect suspicious activity, and confirm the presence of known and unknown malware for devices both on and off the network. From Qualys IOC’s single console, you can monitor current and historical system activity for all on-premise servers, user endpoints, and cloud instances — even for

Maintain full, instant visibility of all your global IT assets. Qualys AssetView is a cloud-based IT asset inventory service that lets your company search for information on any asset where an agent is deployed, scaling to millions of assets for organizations of all sizes. Global IT assets can be searched in seconds and an up-to-date

Pinpoint your most critical threats and prioritize patching. Qualys ThreatPROTECT (TP) is a cloud-based service that correlates external threat data against an organization’s internal vulnerabilities & lets IT pros automatically prioritize remediation work, such as patch deployment & risk mitigation. ThreatPROTECT pinpoints the IT assets at greatest risk, taking the guesswork out of what to

The Qualys SECURE Seal trustmark will automatically be displayed on your site after your sites passes a Qualys SECURE Seal scan consisting of the following: Malware Scan Evaluates the website for malicious software that could infect site visitors. Network Perimeter Vulnerability Scan Identifies externally facing vulnerabilities on the web server that allow attackers to access